JP4829993B2 - Control device, authentication system, and program - Google Patents

Description

  The present invention relates to a technique for authenticating a user.

  Patent Documents 1 and 2 disclose a technique for authenticating using an image as authentication information. In Patent Document 1, a preview image is generated from a distribution video and transmitted to the client. When the image transmitted from the client at the time of authentication matches the preview image transmitted to the client, the client is given access rights. It is disclosed to provide. In Patent Document 2, a server transmits a plurality of types of images to a user terminal, and an image selected on the user terminal side is collated with an image registered in advance in a database on the server side. Is disclosed to authenticate a user.

JP 2005-269393 A JP 2005-346136 A

By the way, in places where many people come and go, such as offices and public facilities, visitors may be checked. As one of the checking methods, for example, there is a method in which a security guard visually confirms an entrance certificate distributed in advance to a visitor and determines whether the person is a legitimate visitor. However, if you continue to use the same admission card for a long time, it can be copied or forged, so it is not perfect in terms of security. In addition, there is an entrance / exit monitoring system in which the gate automatically opens and closes when an admission card is held over by an admission card such as an IC card, but the installation cost is high, and there is a traffic jam for visitors who wait to open and close the gate. May damage the aesthetics of the facility.
Therefore, an object of the present invention is to make authentication information difficult to be known by a third party in authentication using an image as authentication information.

  In order to solve the above-described problem, a control device according to claim 1 of the present invention provides an image in which a first image including a certain feature and a second image including a feature different from the feature are arranged. First generation means for generating first screen information to be displayed, wherein the first generation means changes the features included in the first image for each predetermined period; and The second generation means for generating the second screen information for displaying the information indicating the characteristics included in the image and the first screen information generated by the first generation means are authenticated. The first transmission means for transmitting to the first communication terminal, which is the communication terminal of the user, and the second screen information generated by the second generation means, the communication terminal of the user who performs the authentication Second transmission means for transmitting to the second communication terminal And wherein the door.

According to a second aspect of the present invention, there is provided a control device according to the first aspect, wherein the first communication terminal includes a plurality of the first communication terminals, and the first generation unit has different image contents for each of the first communication terminals. And generating the first screen information for displaying an image in which the first image and the second image in which the certain characteristic is shared by a plurality of the first communication terminals are arranged. It is characterized by that.
According to a third aspect of the present invention, there is provided the control device according to the second aspect, wherein the first generation means includes a second image having a content different from that of the first image and the first communication terminal. The first screen information for displaying an image on which the image is arranged is generated.
According to a fourth aspect of the present invention, there is provided a control apparatus according to the second or third aspect, further comprising confidential information acquisition means for acquiring confidential information indicating the confidentiality divided into a plurality of stages, The generation unit generates the first screen information so that the higher the confidentiality represented by the confidentiality information acquired by the confidentiality information acquisition unit, the more types of the first image.

According to a fifth aspect of the present invention, in the control device according to any one of the first to fourth aspects, the information indicating the characteristic included in the first image in the second screen information includes the characteristic. It is image information.
According to a sixth aspect of the present invention, in the control device according to any one of the first to fourth aspects, the information indicating the feature included in the first image in the second screen information represents the feature. It is characterized by the character information.

  An authentication system according to a seventh aspect of the present invention includes a control device, a first communication terminal of a user to be authenticated, and a second communication terminal that performs the authentication. A first generation unit configured to generate screen information for displaying an image in which a first image including a feature and a second image including a feature different from the feature are arranged; First generation means for changing features included in an image for each predetermined period, second generation means for generating information indicating features included in the first image, and the first generation means First transmitting means for transmitting the screen information generated by the first communication terminal to the first communication terminal, and information indicating the feature generated by the second generating means is transmitted to the second communication terminal. 2, and the first communication terminal includes the control unit. Receiving means for receiving the screen information transmitted by the first transmitting means, and display means for displaying the image represented by the screen information received by the receiving means of its own terminal, A communication terminal configured to receive information indicating the feature transmitted by the second transmission unit of the control device; an image displayed on the first communication terminal; and an image representing the read image Whether or not the feature represented by the information received by the receiving means of the terminal and the image data generating means for generating data is included in the image represented by the image data generated by the image data generating means. It comprises a judging means for judging and a notifying means for notifying a judgment result by the judging means.

  A program according to claim 8 of the present invention is a first program for causing a computer to display an image in which a first image including a certain feature and a second image including a feature different from the feature are arranged. First generation means for generating the screen information, wherein the first generation means for changing the feature included in the first image for each predetermined period; and the feature included in the first image. A second generation means for generating second screen information for displaying meaning information, and a communication terminal of a user who is authenticated with the first screen information generated by the first generation means. A first transmission control means for transmitting from the communication means to the first communication terminal and the second screen information generated by the second generation means, the communication of the user who performs the authentication Communication means for the second communication terminal, which is a terminal Function as a second transmission control means for al transmitted.

  According to the present invention, in authentication using an image as authentication information, the authentication information is hardly known by a third party.

The figure which shows the whole structure of the authentication system which is one Embodiment of this invention. The block diagram which shows the hardware constitutions of a server apparatus. The block diagram which shows the hardware constitutions of the terminal for security | security. The block diagram which showed the hardware constitutions of the terminal for employees. The figure which shows an example of the functional structure which the control part of a server apparatus implement | achieves. The figure which shows an example of a management authentication image. The figure which shows an example of a distribution authentication image. The sequence diagram which shows the pre-registration process performed between a server apparatus and a security terminal. The sequence diagram which shows the pre-registration process performed between a server apparatus and the terminal for employees. The sequence diagram which is performed between the server equipment and the security terminal and shows the authentication process. The sequence diagram which shows the authentication process performed between a server apparatus and the terminal for employees. The figure which shows an example of a distribution authentication image and a management authentication image. The block diagram which shows the hardware constitutions of an authentication terminal.

(A) Configuration of Embodiment An embodiment of the present invention will be described with reference to the drawings. In this embodiment, a case where the present invention is applied to an authentication system for authenticating each employee who is an office visitor will be described.
FIG. 1 is a diagram showing an overall configuration of an authentication system according to an embodiment of the present invention. The authentication system 1 of the present embodiment includes a server device 10, a security terminal 20, and employee terminals 30-1, 30-2, and 30-3. The server device 10, the security terminal 20, and an employee Each of the terminals 30-1, 30-2, and 30-3 is communicably connected via the communication network 100. The security terminal 20 and the employee terminals 30-1, 30-2, 30-3 are respectively mobile phones. Here, only three employee terminals 30-1, 30-2, 30-3 are shown to prevent the figure from becoming complicated, but these are employees belonging to the office and are used for authentication. One employee per person, that is, there are as many employees as there are. Since these employee terminals 30-1, 30-2, and 30-3 all have the same configuration and operation, they are collectively referred to as “employee terminal 30” when it is not necessary to distinguish between them in the following description. The security terminal 20 is carried by a security guard who is a user who performs authentication as a person who performs a task of checking a person who wants to enter the office. The number of the security terminals 20 is “1” here, but a plurality of security terminals 20 may be provided if there are a plurality of security guards. The communication network 100 is a communication network in which, for example, a mobile communication network and the Internet are connected via a gateway device. The mobile communication network is a network that provides a data communication service to the security terminal 20 and the employee terminal 30. In this authentication system, the server device 10 functions as a control device, the employee terminal 30 functions as a first communication terminal, and the security terminal 20 functions as a second communication terminal.

FIG. 2 is a block diagram illustrating a hardware configuration of the server device 10.
As illustrated in FIG. 1, the server device 10 is a computer that includes a control unit 11, a storage unit 12, and a communication unit 13. The control unit 11 includes an arithmetic unit including a CPU (Central Processing Unit), a RAM (Random Access Memory) that provides a work area, and a ROM (Read Only Memory) that stores various control programs. The arithmetic unit of the control unit 11 controls each unit of the server device 10 according to a procedure described in a control program stored in the ROM or a program stored in the storage unit 12. The storage unit 12 is a storage device such as an HDD (Hard Disk Drive), and stores various types of information. For example, the storage unit 12 stores an authentication application program and an authentication image generation program described later. The communication unit 13 is, for example, various modems that perform communication, and communicates with the security terminal 20 and the employee terminal 30 via the communication network 100.

FIG. 3 is a block diagram illustrating a hardware configuration of the security terminal 20.
As shown in the figure, the security terminal 20 includes a control unit 21, an operation unit 22, a display unit 23, an audio processing unit 24, a microphone 25, a speaker 26, a communication unit 27, and a storage unit 28. These units are connected via a bus 29 so that data can be exchanged.
The control unit 21 includes an arithmetic device including a CPU and a memory, and controls each unit of the security terminal 20 according to procedures described in various programs stored in the storage unit 28. The operation unit 22 includes a numeric keypad and supplies operation information corresponding to an operation by the user to the control unit 21. The display unit 23 is a display unit including, for example, a liquid crystal display or a liquid crystal driving circuit, and displays various information, an operation screen, and the like under the control of the control unit 21. The audio processing unit 24 performs D / A conversion on the data supplied as the transmission sound from the communication unit 27 to generate an audio signal to be supplied to the speaker 26 or the audio signal supplied as the reception sound from the microphone 25. Audio processing such as A / D conversion and generation of data to be transmitted via the communication unit 27 is performed. The microphone 25 outputs an audio signal representing the collected audio to the audio processing unit 24. The speaker 26 emits sound corresponding to the sound signal supplied from the sound processing unit 24. The communication unit 27 includes an antenna and a wireless communication circuit (not shown), and performs wireless transmission / reception with the base station of the communication network 100. The communication unit 27 functions as a receiving unit that receives information transmitted from the server device 10, for example. The storage unit 28 is, for example, an EEPROM (Electrically Erasable and Programmable Read Only Memory), and stores various types of information such as a program in which a procedure of processing executed by the control unit 21 is described.

FIG. 4 is a block diagram showing a hardware configuration of the employee terminal 30.
As shown in the figure, the employee terminal 30 includes a control unit 31, an operation unit 32, a display unit 33, an audio processing unit 34, a microphone 35, a speaker 36, a communication unit 37, and a storage unit 38. These units are connected via a bus 39 so that data can be exchanged. The configuration of the employee terminal 30 is the same as that of the security terminal 20 described above as the hardware configuration, and the configuration having the same name realizes an equivalent function. Therefore, the description is omitted here.

FIG. 5 is a diagram illustrating an example of a functional configuration realized by the control unit 11 of the server device 10.
As shown in the figure, the control unit 11 includes an update time notification unit 111, a management authentication image generation unit 112, a management authentication image transmission control unit 113, a request acquisition unit 114, a distribution authentication image generation unit 115, and a distribution authentication image transmission. Each function of the control unit 116 is realized. Each of these functions may be realized by one or a plurality of hardware circuits included in the control unit 11, may be realized by executing one or a plurality of programs by an arithmetic device, or a combination thereof. May be.
In the authentication system 1, the server device 10 generates screen information representing a screen displayed on the security terminal 20 and the employee terminal 30 as authentication information for authenticating the employee, and the screen information is displayed on the security terminal 20 and the employee. To the terminal 30 for use. The employee shows the screen displayed on his / her employee terminal 30 to the security guard, and the security guard compares the displayed screen with the screen displayed on his / her employee terminal 30 to be a legitimate employee. Judge whether there is. Here, although the screen information transmitted to the security terminal 20 and the screen information transmitted to the employee terminal 30 are partly in common, the other contents are different. Hereinafter, an image represented by screen information managed by a security guard and transmitted to the security terminal 20 is referred to as a “management authentication image”, and an image represented by the screen information distributed to the employee and transmitted to the employee terminal 30 is referred to as “management authentication image”. This is called “distribution authentication image”.

  The update time notification unit 111 measures the time, and generates a management authentication image indicating that the update time of the authentication image has arrived for every predetermined period (here, every hour) based on the time measurement result. Notification to the unit 112 and the distribution authentication image generation unit 115. When receiving the notification that the update time has come from the update time notification unit 111, the management authentication image generation unit 112 as the second generation unit displays the management authentication image on the security terminal 20 accordingly. Screen information (second screen information) is generated and supplied to the management authentication image transmission control unit 113. The management authentication image transmission control unit 113 as the second transmission control means outputs the screen information supplied from the management authentication image generation unit 112 to the communication unit 13 with the security terminal 20 as a destination. When the request acquisition unit 114 acquires the communication request received from the employee terminal 30 by the communication unit 13 from the communication unit 13, the request acquisition unit 114 notifies the distribution authentication image generation unit 115 to that effect. The distribution authentication image generation unit 115 as a first generation unit generates screen information (first screen information) for displaying the distribution authentication image on the employee terminal 30 in response to the notification from the request acquisition unit 114. And supplied to the distribution authentication image transmission control unit 116. The distribution authentication image transmission control unit 116 as the first transmission control means outputs the screen information supplied from the distribution authentication image generation unit 115 to the communication unit 13 with the employee terminal 30 as a destination. The communication unit 13 transmits the screen information toward the specified destination communication address. That is, the management authentication image transmission control unit 113 and the communication unit 13 function as a second transmission unit, and the distribution authentication image transmission control unit 116 and the communication unit 13 function as a first transmission unit.

FIG. 6 is a diagram showing management authentication images GA1 and GA2 provided to the security terminal 20 as an example of the management authentication image. In addition, the rectangular area | region of the same figure (a), (b) shows the range of the display area of the display part 23. FIG. Here, it is assumed that the management authentication image is updated every hour. That is, the validity period of one management authentication image is 1 hour.
FIG. 9A is a diagram showing a state when the management authentication image GA1 used within the period of “10 AM to 11:00 AM” is displayed on the security terminal 20. The screen displayed on the security terminal 20 includes a message “correct answer from 10:00 am to 11:00 am” and “is”, and a management authentication image GA1 indicating “◯”. Yes. The management authentication image GA <b> 1 indicating “◯” is an image including a feature “circle”, and this feature functions as authentication information of the authentication system 1. The period during which the management authentication image GA1 is valid as authentication information is “10 AM to 11:00 AM”. That is, outside this period, the management authentication image GA1 is invalid as authentication information. The management authentication image GA1 is generated by 10:00 am by the management authentication image generation unit 112, and is transmitted to the security terminal 20 as the arrival of 10:00 am.

  FIG. 4B is a diagram showing a state when the management authentication image GA2 used within the period of “11 AM to 12:00” is displayed on the security terminal 20. The screen displayed on the security terminal 20 includes a message “A correct answer from 11:00 am to 12:00 am” and “is” and a management authentication image GA <b> 2 indicating a heart. The management authentication image GA2 indicating the heart is an image including a feature of “heart shape”, and this feature functions as authentication information of the authentication system 1. The period during which the management authentication image GA2 is valid as the authentication information is “11 AM to 12:00”. That is, outside this period, this management authentication image GA2 becomes invalid as authentication information. The management authentication image GA2 is generated by 11:00 am by the management authentication image generation unit 112, and is transmitted to the security terminal 20 with the arrival of 11:00 am.

FIG. 7 is a diagram illustrating a distribution authentication image provided to the employee terminals 30-1 to 30-3 as an example of the distribution authentication image. In addition, each rectangular area of the same figure (a), (b) shows the range of the display area of the display part 33. FIG.
FIG. 6A is a diagram showing a state where a distribution authentication image used within the period of “10 AM to 11:00 AM” is displayed on the employee terminal 30. In FIG. 9A, a distribution authentication image GB11 is a distribution authentication image provided to the employee terminal 30-1, and a distribution authentication image GB12 is a distribution authentication image provided to the employee terminal 30-2. The authentication image GB13 is a distribution authentication image provided to the employee terminal 30-3. In the distribution authentication image GB11 provided to the employee terminal 30-1, four types of images indicating “◯”, “Δ”, “crescent moon”, and “hexagon” are arranged. Among these, since the feature included in the image indicating “◯” is “circle”, it is common to the feature of the management authentication image GA1 indicating “◯”. As described above, an image including features common to the features included in the management authentication image among the images constituting the distribution authentication image is hereinafter referred to as a “correct image” (first image). In other words, the management authentication image described above is image information that means a feature included in the correct image. Note that the feature “circle” included in the image indicating “O” corresponds to the correct image as long as it is in common with the feature of the management authentication image. For example, the size of the image indicating “O” and the image The difference between the position on the screen and whether the image is an ellipse or a perfect circle is not considered.

  On the other hand, the features included in “Δ”, “Crescent Moon”, and “Hexagon” included in the image other than the correct image within the range surrounded by the dotted line in FIG. 7A are included in the management authentication image GA1. It is different from the feature of “circle”. Hereinafter, such an image is referred to as a “dummy image” (second image). A plurality of dummy images are mixed in one correct image and included in the distribution authentication image. Similarly, in the management authentication image GB12 provided to the employee terminal 30-2, four types of images indicating “parallelogram”, “◯”, “rectangle”, and “cross” are arranged. Among these, an image indicating “◯” is a correct image, and the other images are dummy images. In addition, four types of images of “rectangle”, “◯”, “arrow”, and “star” are arranged in the management authentication image GB13 provided to the employee terminal 30-3. Among these, an image indicating “◯” is a correct image, and the other images are dummy images.

  FIG. 6B is a diagram showing a state where a distribution authentication image used within the period of “11:00 am to 12:00” is displayed on the employee terminal 30. In FIG. 5B, a distribution authentication image GB21 is a distribution authentication image provided to the employee terminal 30-1, and a distribution authentication image GB22 is a distribution authentication image provided to the employee terminal 30-2. The authentication image GB23 is a distribution authentication image provided to the employee terminal 30-3. Also in this case, screen information representing the distribution authentication image is generated according to the same rule as described with reference to FIG. That is, in the distribution authentication images GB21, GB22, and GB23, correct images indicating a heart including one feature common to the “heart shape” feature included in the management authentication image GA2 are arranged one by one. On the other hand, a plurality of dummy images having other characteristics are included.

(B) Operation of Embodiment Next, the operation of the authentication system 1 will be described. The processing executed by the authentication system 1 is roughly divided into “pre-registration processing” and “authentication processing”. The “pre-registration process” is a process that should be performed in advance before performing authentication using the authentication system 1. The “authentication process” is a process executed when authentication is performed using the authentication system 1.
(B-1) Pre-registration process (B-1-1) Pre-registration process between the server device 10 and the security terminal 20 FIG. It is a sequence diagram which shows the procedure of a "registration process."
This pre-registration process is a process for registering the security terminal 20 in the server device 10.
First, the guard operates the operation unit 22 of his / her security terminal 20 to instruct access to the server device 10. When the control unit 21 of the security terminal 20 receives an operation instructing this access through the operation unit 22, the control unit 21 transmits a communication request to the server device 10 through the communication unit 27. When the communication unit 13 receives this communication request via the communication unit 13, the control unit 11 of the server device 10 generates an authentication key using this as a trigger (step SA1). The control unit 11 generates an authentication code unique to the security terminal 20 in accordance with an algorithm described in the control program in the ROM or the storage unit 12. This authentication code is, for example, a password, and is used for the security terminal 20 to log in to the server device 10 in “authentication processing” described later. The control unit 11 transmits the generated authentication key to the security terminal 20 through the communication unit 13 (step SA2).

  When the control unit 21 of the security terminal 20 receives the authentication key from the server device 10 by the communication unit 27, the control unit 21 displays the content on the display unit 23. When the authentication key is displayed, the security guard makes a note of this or stores the data representing the contents of the screen in the security terminal 20 so as not to forget it. Next, the control part 21 transmits the information regarding the security terminal 20 including the solid identification number which is the identification information which identifies an own apparatus to the server apparatus 10 (step SA3). The solid identification number is identification information for assigning a different number to each mobile phone and identifying each mobile phone, and is stored in, for example, a ROM. In step SA3, the control unit 21 transmits information such as an e-mail address and a telephone number of the terminal itself to the server device 10 in addition to the individual identification number.

When the control unit 11 of the server device 10 receives the various information transmitted in step SA3, the control unit 11 stores the received information such as the individual identification number in the storage unit 12 (step SA4). Next, the control unit 11 transmits screen information for displaying the guidance screen on the display unit 23 of the security terminal 20 to the security terminal 20 in order to download the authentication application program to the security terminal 20. When the operation of the operation unit 22 for starting the download is performed by the security guard at the security terminal 20, the server device 10 is notified of that. In response to this notification, the control unit 11 of the server device 10 transmits an authentication application program to the security terminal 20 (step SA5). When receiving the authentication application program, the control unit 21 of the security terminal 20 stores it in the storage unit 28 (step SA6).
The above is the description of the pre-registration process performed between the server device 10 and the security terminal 20.

(B-1-2) Pre-registration process between server device 10 and employee terminal 30 FIG. 9 is a sequence showing a procedure of a “pre-registration process” performed between the server device 10 and the employee terminal 30. FIG.
This pre-registration process is a process for registering the employee terminal 30 in the server device 10.
First, the employee operates the operation unit 32 of his / her employee terminal 30 to instruct access to the server device 10. When receiving the operation indicating the instruction from the operation unit 32, the control unit 31 of the employee terminal 30 transmits a communication request to the server device 10 through the communication unit 37. When the communication unit 13 receives this communication request by the communication unit 13, the control unit 11 of the server device 10 generates an authentication key for the employee terminal 30 using this as a trigger (step SB1). The control unit 11 generates an authentication code unique to the employee terminal 30. This authentication code is, for example, a password, and is used for the employee terminal 30 to log in to the server device 10 in “authentication processing” to be described later. The control unit 11 transmits the generated authentication key to the employee terminal 30 through the communication unit 13 (step SB2).

  When the control unit 31 of the employee terminal 30 receives the authentication key from the server device 10 via the communication unit 37, the control unit 31 displays the content on the display unit 33. When the authentication key is displayed, the employee takes note of this or stores data representing the contents of the screen in his / her employee terminal 30 so as not to forget it. Next, the control part 31 transmits the information regarding the terminal 30 for employees including the identification number which is identification information which identifies an own apparatus to the server apparatus 10 (step SB3). In step SB3, the control unit 31 transmits information such as an e-mail address and a telephone number of the terminal itself to the server device 10 in addition to the individual identification number.

When the control unit 11 of the server device 10 receives the various information transmitted in step SB3, the control unit 11 stores information such as the received individual identification number in the storage unit 12 (step SB4). Next, the control unit 11 issues an authentication screen dedicated to the employee, sends an e-mail with a URL (Uniform Resource Locator) for accessing the authentication screen, and the e-mail address transmitted in step SB3. The URL of the authentication screen is notified by using the communication unit 13 and transmitting it to the employee terminal 30 (step SB5). When the employee terminal 30 receives this e-mail, the control unit 31 registers the URL of the notified authentication screen in its own device (step SB6). At this time, the employee uses the so-called “favorite function” provided in the employee terminal 30 to register the URL in the own terminal or store the contents of the screen in the own terminal at any time. Make sure you can access
The above is the description of the pre-registration process performed between the server device 10 and the employee terminal 30.

(B-2) Authentication process Next, an authentication process is demonstrated.
(B-2-1) Authentication Process Between Server Device 10 and Security Terminal 20 FIG. 10 is a sequence diagram showing a procedure of “authentication process” performed between the server device 10 and the security terminal 20. is there. In the following description, the control unit 11 of the server device 10 executes the authentication image generation program stored in the storage unit 12, and periodically (here, every hour) according to the algorithm described therein. It is assumed that screen information representing a management authentication image is generated.
The security guard operates the security terminal 20 registered in the server device 10 in the above-described pre-registration process and instructs the activation of the authentication application program before starting his / her working hours. In response to this instruction, the control unit 21 of the security terminal 20 reads the authentication application program from the storage unit 28 and activates it (step SC1). When starting the authentication application program, the control unit 21 prompts the guard to input an authentication key. When the operation unit 22 is operated by the security guard and the authentication key is input, the control unit 21 transmits the authentication key to the server device 10 by the communication unit 27 (step SC2).

  When the control unit 11 of the server device 10 receives the authentication key transmitted from the security terminal 20, the control unit 11 performs authentication depending on whether or not it matches the authentication key generated in step SA <b> 1 and stored in the storage unit 12. It is determined whether or not it is successful (step SC3). Here, the control unit 11 may authenticate the security terminal 20 using only the authentication code, or may perform authentication in combination with other information such as an e-mail address.

  When the controller 11 matches the authentication keys and determines that the authentication is successful in step SC3 (step SC3; YES), the controller 11 permits the security terminal 20 to log in. And the control part 11 produces | generates the transmission data containing the screen information showing the management authentication image effective at that time (step SC4). In addition, since the control part 11 has previously produced | generated and memorize | stored the screen information for displaying the information meaning the characteristic contained in a correct image in the memory | storage part 12, it reads this and produces | generates transmission data. This transmission data is data for displaying a screen including a management authentication image and a message as shown in FIGS. 6 (a) and 6 (b). The management authentication image included in this screen is referred to when the security guard checks the visitors. If the time here is a period of “10:00 am to 11:00 am”, a management authentication image GA1 as shown in FIG. 6A is used.

Next, the control part 11 of the server apparatus 10 transmits the transmission data produced | generated by step SC4 to the security terminal 20 by the communication part 13 (step SC5). When the transmission unit 27 receives the transmission data by the communication unit 27, the control unit 21 causes the speaker 26 to generate a ringing tone (alarm sound) to notify the security guard of the reception, and a screen included in the received transmission data. The management authentication image GA1 is displayed on the display unit 23 according to the information (step SC6). In this way, the control unit 21 displays the image information indicating the features included in the correct image of the management authentication image GA1.
The guard looks at the management authentication image GA1 displayed on the display unit 23, and determines the authentication information at that time. Here, the security guard recognizes that the authentication information is “circle”.

  When the control unit 11 of the server device 10 transmits the screen information representing the management authentication image as described above, the control unit 11 waits until the next update time comes. Note that the control unit 11 executes the processing steps SC4 and SC5 when a communication request is received from the security terminal 20 again during a period in which the update time is determined not to arrive (step SC7; NO). Thus, transmission data including screen information representing the management authentication image GA1 is transmitted to the security terminal 20.

  When the control unit 11 determines that the next update time (here, 11:00) has arrived (step SC7; YES), the control unit 11 displays screen information representing the management authentication image according to the algorithm described in the authentication image generation program. The transmission data including is generated (step SC8). Here, the control unit 11 changes the characteristics of the image that is the authentication information from the management authentication image GA1, and generates transmission data including screen information representing the management authentication image GA2 shown in FIG. 6B. .

And the control part 11 transmits the transmission data containing the management authentication image GA2 to the security terminal 20 (step SC9). The control unit 21 of the security terminal 20 that has received the transmission data notifies the security guard of the reception using a ring tone and replaces the management authentication image GA1 displayed so far with the received transmission data. The management authentication image GA2 is displayed on the display unit 23 in accordance with the screen information included in (step SC10). The security guard who sees this recognizes that the authentication information, which is a feature of the image, has been changed from “circle” to “heart”.
Thereafter, the server device 10 waits in the same manner as described above until the next update time arrives, and when the update time comes, the screen information representing the management authentication image is changed by changing the feature of the image as the authentication information. Generate and repeat the process in the same procedure. In this way, the control unit 11 periodically changes the authentication information (every hour) and transmits it to the security terminal 20. At this time, it is preferable that the control unit 11 does not match the features of the correct image at least before and after the update of the management authentication image, and does not match the features of the correct image within a period close to each other.

(B-2-2) Authentication Process Between Server Device 10 and Employee Terminal 30 FIG. 11 is a sequence showing a procedure of “authentication process” performed between the server device 10 and the employee terminal 30-1. FIG.
The employee arrives at the office and operates his / her employee terminal 30-1 to access the authentication screen in advance before arriving at the place where the security guard enters the building. When the control unit 31 of the employee terminal 30-1 requests the server device 10 to access the authentication screen, the server device 10 receives screen information for displaying the authentication screen. A screen is displayed (step SD1). The control unit 31 prompts the employee to input an authentication key by this display. The control unit 31 transmits the input authentication key to the server device 10 via the communication unit 37 (step SD2).

  When the control unit 11 of the server device 10 receives the authentication key transmitted from the employee terminal 30-1, the control key 11 is the authentication key generated in step SB1 and matches the one stored in the storage unit 12. Therefore, it is determined whether or not the authentication is successful (step SD3). Here, the control unit 11 may authenticate the employee terminal 30-1 using only the authentication code, or may perform authentication in combination with other information such as an e-mail address.

  When the control unit 11 determines that the authentication is successful in step SD3 (step SD3; YES), the control unit 11 permits the login of the employee and generates screen information representing the distribution authentication image (step SD4). If the time here is a period of “10:00 am to 11:00 am”, the control unit 11 displays, for example, screen information representing the distribution authentication image GB11 shown in FIG. Generate for.

  When the control unit 11 generates screen information representing such a distribution authentication image, the control unit 11 transmits the screen information to the employee terminal 30-1 through the communication unit 13 (step SD5). Receiving this screen information, the control unit 31 of the employee terminal 30-1 displays the distribution authentication image on the display unit 33 (step SD6). This distribution authentication image is distributed to an employee who is a visitor, and the employee presents the display unit 33 to the security guard in a state where the distribution authentication image is displayed. The security guard looks at the distribution authentication image, and permits the admission to the office as a legitimate visitor if the characteristics included in the management authentication image sent to him are included in the distribution authentication image. . On the other hand, if the distribution authentication image does not include an image including the feature described in the management authentication image, it can be determined that the authentication information is already invalid or the person who is not permitted to enter the office. , The guards take action accordingly.

  Similarly to the above, the screen information representing the distribution authentication images GB12 and GB13 is transmitted to the employee terminals 30-2 and 30-3, respectively, so that the employee has displayed these distribution authentication images. The display unit 33 may be presented to the guard. The security guard looks at the distribution authentication image and enters the office as a legitimate visitor if the distribution authentication image contains an image that includes the features described in the management authentication image sent to him. Will be allowed.

  Then, the control unit 11 of the server device 10 displays the distribution authentication images GB21 to GB23 shown in FIG. 7B by executing the above-described processing steps in the period of “11: 00 to 12:00”. The screen information for making it generate will be generated. During this period, the security guard permits the employee who presented the distribution authentication images GB21 to GB23 on which the correct image including “heart-shaped” as a feature is arranged as a valid visitor.

  As described above, the correct image included in the distribution authentication image functions as authentication information given to each employee. On the other hand, the characteristics of the dummy image are different for each user. The reason why the dummy image is used is to prevent the employee himself / herself or a third party from determining which correct image is. As a result, even if a distribution authentication image is viewed by a malicious third party, it is not immediately known which image is the correct image, making it difficult to copy or forge the image that is the authentication information.

  Further, since the employee can obtain the distribution authentication image in advance on his / her employee terminal 30 before arriving at the office, and can perform authentication only by showing it to the security guard, the work itself is delayed. It is done smoothly and traffic jams are unlikely to occur in places where admission is checked. In addition, the management authentication image and the distribution authentication image, which are authentication information, are updated as appropriate, such as every hour, so even if the contents of the authentication information are known to a third party and they are used illegally, they are updated. If a certain amount of time has passed since the time, the authentication information has already been invalidated.

  Furthermore, since the characteristics common to the distribution authentication image and the management authentication image may be those having the property that humans (guards) can determine the identity, the characteristics of the image having the property that the device cannot determine the identity are identified by the authentication information. Can be used as Further, since an image is used as the authentication information, the content of the authentication information itself is more interesting than when a password made of a character string is used. For example, there is use that employees show each other's distribution authentication images and apply the characteristics of correct images, so the appeal effect is high. In addition, since different images are distributed from time to time, it is possible to expect what kind of image will be distributed next time, and it is possible to give an unprecedented interest to authentication work.

(C) Modified Example The present invention can be implemented in a form different from the above-described embodiment. Moreover, you may combine each of the modification shown below.
(C-1) Modification 1
Instead of the distribution authentication image and management authentication image described in the embodiment, the distribution authentication image and management authentication image shown in FIG. 12 may be used.
In this case, on the screen containing the management authentication image, “The correct answer from 10:00 am to 11:00 am“ white flowers ”. "Is included. That is, in the screen information representing the management authentication image, as shown in the area GA3 surrounded by the dotted line in FIG. 12, information indicating the feature included in the correct image is character information representing the feature. In the case of the distribution authentication image, in this case, an image showing “white flowers” arranged in the distribution authentication images GB31 and GB32 functions as authentication information. Here, a flower having white petals is arranged in the distribution authentication image GB31, and a plurality of white flowers are arranged in the distribution authentication image GB32. Even if a malicious third party looks at the distribution authentication images GB31 and GB32, it cannot immediately determine whether the feature of the image, which is authentication information, is the type of flower or the number of flowers. Therefore, it can be said that the image characterized by the type and number of flowers functions as a dummy image, and authentication information is difficult to leak.

(C-2) Modification 2
In the embodiment described above, the security terminal 20 is a mobile phone, but various communication terminals such as a personal computer, a PDA (Personal Digital Assistant), or a wireless LAN terminal can be used. On the other hand, various communication terminals can be applied to the employee terminal 30, but a terminal excellent in portability is preferable. When the function executed by the arithmetic unit of the control unit 11 is realized by executing a program, each program is stored in a magnetic recording medium such as a magnetic tape or a magnetic disk, an optical recording medium such as an optical disk, or a magneto-optical recording medium. It can be provided in a state of being stored in a computer-readable recording medium such as a semiconductor memory. It is also possible to download this program via a network such as the Internet.
Moreover, the content of the image used as a correct image may be anything, and the kind of images, such as a character, a photograph, an illustration, does not ask | require. Any image may be used as long as the security guard can determine characteristics common to the distribution authentication image and the management authentication image. Any number of dummy images may be included in the correct image.

(C-3) Modification 3
In the above-described embodiment, the security guard visually confirms the distribution authentication image presented by the employee and determines the legitimacy of the visitor. However, the authentication terminal understands the characteristics of the correct image. May do. In this configuration, the authentication terminal 40 is used as the second communication terminal instead of the security terminal 20. In addition, the server device 10 periodically changes information indicating the characteristics of the correct image and periodically transmits the information to the authentication terminal 40. The authentication terminal 40 identifies the feature of the correct image based on the received information.

FIG. 13 is a block diagram illustrating a hardware configuration of the authentication terminal 40 according to this modification.
The authentication terminal 40 includes a reception unit 41, a reading unit 42, a determination unit 43, and a notification unit 44.
The receiving unit 41 is, for example, a modem that performs communication. The receiving unit 41 receives information indicating the feature of the correct image transmitted from the server device 10 and outputs the information to the determination unit 43. The reading unit 42 as image data generating means is, for example, a digital camera. When the distribution authentication image represented by the screen information transmitted to the employee terminal 30 is displayed on the display unit 33 and the employee presents it, the employee The image displayed on the service terminal 30 is read, and read image data representing the read image is generated. The determination unit 43 acquires the read image data from the reading unit 42 and analyzes the read image data. Based on the feature supplied from the receiving unit 41, the determining unit 43 determines whether or not a feature that is valid as authentication information within the period is included in the image represented by the read image data. For example, the determination unit 43 determines whether there is an image pattern representing a correct image such as “◯” in the image represented by the read image data, and has succeeded in authentication depending on the presence or absence of the image pattern. Is sent to the notification unit 44. The notification unit 44 notifies the determination result of the determination unit 43 by displaying a message such as “authentication was successful” or “authentication failed” by the display device. This notification mode may be any mode such as a mode in which an alarm sound is emitted from a speaker. The security guard determines whether the employee can enter the building based on the notification result.

  In this configuration, the authentication terminal 40 may have a function of detecting that the same distribution authentication image is presented a plurality of times. In the embodiment described above, different distribution authentication images are provided for each employee. However, if the same distribution authentication image is presented a plurality of times, there is a high possibility that the image has been duplicated or forged. Therefore, the authentication terminal 40 stores, for example, read image data, and determines the identity with the stored read image data every time authentication is performed and new read image data is generated. When the authentication terminal 40 detects that the same distribution authentication image is presented a plurality of times, the authentication terminal 40 notifies an error indicating the fact. Thereby, higher security can be ensured.

(C-4) Modification 4
There may also be a case where an employee who is a legitimate visitor intentionally shows a distribution authentication image to a third party and leaks authentication information. In order to prevent this, the server device 10 may add identification information for identifying each employee to the distribution authentication image and provide it. This identification information includes, for example, a photograph of an employee's face and information obtained by encoding an employee number. In this configuration, in step SD4 of the authentication process, when the control unit 11 generates screen information representing the distribution authentication image, information for identifying each employee is added to the screen information. The control unit 11 identifies the employee permitted to log in by the authentication key transmitted in step SD2, and based on this, identifies which employee information is added to the distribution authentication image. With this configuration, even if the distribution authentication image is illegally used, the culprit can be immediately identified.
In addition, when the security terminal 20 is lost or stolen and the server device 10 is notified of this, it is preferable to stop the delivery of the management authentication image toward the security terminal 20. This notification may be triggered by a setting operation performed on the server device 10 by an office system administrator or the like, or may be notified by communication. The same applies when the employee terminal 30 is lost or stolen.

(C-5) Modification 5
In the embodiment described above, the server device 10 provides a distribution authentication image in which the characteristics included in the distribution authentication image are common to each other and the contents of the correct image are different for each employee. According to this configuration, a distribution authentication image that is different for each employee can be used as identification information for identifying each employee. For example, when entering the office, only the presence or absence of a correct image, the security officer determines whether the authentication is successful, and when entering a place with high security in the office, an image provided near the door The reader can be made to read the distribution authentication image displayed on the employee terminal 30, and the image reading device can recognize the distribution authentication image and perform authentication to identify each employee from the contents of the image. . Alternatively, the security guard may look at the distribution authentication image and specify each employee from the content of the image.

  Further, for example, a part or all of the correct images included in each distribution authentication image may be duplicated among the employees, such as using five types of distribution authentication images for 100 employees. The dummy images may be partly or entirely common for each employee, but it is preferable that the images are different so that the dummy images are not immediately identified.

  Further, the number of types of distribution authentication images generated by the server device 10 may be varied according to the set confidentiality. In this case, the control unit 11 of the server device 10 acquires confidentiality information indicating the confidentiality classified into a plurality of levels. This confidentiality may be determined, for example, by an administrator of the office server device 10 according to conditions such as the level of confidentiality required for information handled in the office and the number of employees in the office. And the control part 11 produces | generates the screen information showing a distribution authentication image so that the kind of correct image increases so that the confidentiality which the acquired confidential information represents is high. According to this configuration, the control unit 11 of the server device 10 stores the screen information representing the distribution authentication image once generated in the storage unit 12, and when there is a communication request from another employee terminal 30, Since it is only necessary to read and transmit, the processing amount to be executed can be further reduced as compared with the configuration of the embodiment. The lower the confidentiality, the fewer the types of correct images (ie, the types of distribution authentication images), and the less frequently the control unit 11 generates screen information for displaying them. Becomes larger.

  Further, the control unit 11 may change the frequency of updating the management authentication image and the distribution authentication image according to the sensitivity. In this case, the control unit 11 increases the frequency of updating these authentication images (that is, the frequency of changing the characteristics of the correct image) as the confidentiality increases. According to this configuration, when high confidentiality is required, higher security can be secured, and when high confidentiality is not required, the authentication image is not updated more than necessary. The processing amount to be executed by the control unit 11 is reduced. Further, the control unit 11 may increase the number of dummy images included in the distribution authentication image as the confidentiality is higher, and make the correct image more difficult to understand.

(C-6) Modification 6
In the above-described embodiment, the server device 10 generates screen information representing a distribution authentication image in step SD4 of the authentication process, triggered by a notification from the employee terminal 30. Instead of this, the server device 10 may generate screen information representing a distribution authentication image in advance at a certain time interval and store the screen information in the storage unit 12. In this case, in step SD4, the server device 10 only has to read the screen information representing the distribution authentication image from the storage unit 12 and transmit it to the employee terminal 30, so that the processing in the authentication process is more than that in the embodiment. The amount is reduced.

(C-7) Modification 7
In the embodiment, the case where the present invention is applied to an office authentication system has been described. However, in addition to this, for example, the authentication system can be applied to various places requiring authentication such as an event venue. In this case, only the user who performs the authentication and the user who performs the authentication are different, and the other configuration may be the same as that of the authentication system described in the embodiment.
In the above-described embodiment, the authentication of the security guard or the employee is performed using the authentication key. However, this configuration may be omitted. In this case, the authentication in the authentication system 1 can be further accelerated. In addition, when using an authentication key, an authentication method such as biometric authentication such as fingerprint authentication may be employed without being limited to a configuration in which a user manually inputs.

DESCRIPTION OF SYMBOLS 1 ... Authentication system, 10 ... Server apparatus, 100 ... Communication network, 11 ... Control part, 111 ... Update time notification part, 112 ... Management authentication image generation part, 113 ... Management authentication image transmission control part, 114 ... Request acquisition part, 115: Distribution authentication image generation unit, 116: Distribution authentication image transmission control unit, 12, 28, 38 ... Storage unit, 13, 27, 37 ... Communication unit, 20 ... Security terminal, 21, 31 ... Control unit, 22, 32 ... operation unit, 23, 33 ... display unit, 24, 34 ... audio processing unit, 25, 35 ... microphone, 26, 36 ... speaker, 29, 39 ... bus, 30, 30-1, 30-2, 30- 3 ... A terminal for employees.

Claims (8)

A first generation unit configured to generate first screen information for displaying an image in which a first image including a certain feature and a second image including a feature different from the feature are arranged; First generating means for changing the characteristics included in the first image for each determined period;
Second generation means for generating second screen information for displaying information indicating features included in the first image;
First transmission means for transmitting the first screen information generated by the first generation means to a first communication terminal which is a communication terminal of a user to be authenticated;
A second transmission unit configured to transmit the second screen information generated by the second generation unit to a second communication terminal that is a communication terminal of a user who performs the authentication. Control device. There are a plurality of the first communication terminals,
The first generation means includes the first image having a different image content for each of the first communication terminals, and the first image having a certain characteristic common to a plurality of the first communication terminals, and the second image The control device according to claim 1, wherein the first screen information for displaying an image on which the image is arranged is generated. The first generation means is configured to display the first screen information for displaying an image in which the first image and a second image having a different image content for each first communication terminal are arranged. The control device according to claim 2, wherein the control device is generated. A confidential information acquisition means for acquiring confidential information indicating the confidentiality divided into a plurality of stages is provided.
The first generation unit generates the first screen information so that the higher the confidentiality represented by the confidentiality information acquired by the confidentiality information acquisition unit, the more types of the first image. The control device according to claim 2 or 3. The control device according to any one of claims 1 to 4, wherein information indicating the feature included in the first image in the second screen information is image information including the feature. The control device according to any one of claims 1 to 4, wherein information indicating the feature included in the first image in the second screen information is character information expressing the feature. . A control device, a first communication terminal of a user to be authenticated, and a second communication terminal for performing the authentication,
The controller is
A first generation unit configured to generate screen information for displaying an image in which a first image including a certain feature and a second image including a feature different from the feature are arranged; First generation means for changing features included in one image at predetermined intervals;
Second generation means for generating information indicating features included in the first image;
First transmission means for transmitting the screen information generated by the first generation means to the first communication terminal;
Second transmission means for transmitting information indicating the characteristics generated by the second generation means to the second communication terminal, and
The first communication terminal is
Receiving means for receiving the screen information transmitted by the first transmitting means of the control device;
Display means for displaying an image represented by the screen information received by the receiving means of its own terminal,
The second communication terminal is
Receiving means for receiving the information indicating the feature transmitted by the second transmitting means of the control device;
Image data generating means for reading an image displayed on the first communication terminal and generating image data representing the read image;
Determining means for determining whether or not the feature represented by the information received by the receiving means of the terminal is included in an image represented by the image data generated by the image data generating means;
An authentication system comprising: notification means for notifying a determination result by the determination means. Computer
A first generation unit configured to generate first screen information for displaying an image in which a first image including a certain feature and a second image including a feature different from the feature are arranged; First generating means for changing the characteristics included in the first image for each determined period;
Second generation means for generating second screen information for displaying information indicating features included in the first image;
First transmission control means for transmitting the first screen information generated by the first generation means from a communication means to a first communication terminal which is a communication terminal of a user to be authenticated; ,
Second transmission control means for causing the second communication terminal, which is the communication terminal of the user performing the authentication, to transmit the second screen information generated by the second generation means from the communication means. A program to make it work.

Images